package lumis.portal.group.acl;

import lumis.portal.*;
import lumis.portal.acl.*;
import lumis.portal.authentication.SessionConfig;
import lumis.portal.group.*;
import lumis.portal.channel.acl.ChannelPermissions;
import lumis.portal.dao.*;
import lumis.portal.manager.*;
import lumis.util.*;
import lumis.util.security.acl.*;

/**
 * Manage Group ACLs.
 * 
 * @version $Revision: 9647 $ $Date: 2008-08-06 16:37:36 -0300 (Wed, 06 Aug 2008) $
 * @since 4.0.6
 */
public class GroupAclManager extends AclManager implements IGroupAclManager
{
	public String add(SessionConfig sessionConfig, GroupConfig groupConfig, ITransaction transaction) throws ManagerException, PortalException
	{
		//if (!checkPermission(sessionConfig, null, PortalPermissions.MANAGE_PORTAL_SECURITY, transaction))
		//	throw new AccessDeniedException();
		if (groupConfig.getChannelId() == null)
		{
			if (!ManagerFactory.getPortalAclManager().checkPermission(sessionConfig, PortalPermissions.MANAGE_GROUP, transaction))				
				throw new AccessDeniedException();
		}
		else
		{
			if (!ManagerFactory.getChannelAclManager().checkPermission(sessionConfig, groupConfig.getChannelId(), ChannelPermissions.MANAGE_LOCAL_GROUP, transaction))				
				throw new AccessDeniedException();
		}

		AccessControlList parentAcl = ManagerFactory.getPortalAclManager().get(sessionConfig, transaction);

		// create new acl
		String aclId = super.add(parentAcl, GroupPermissions.getInheritPermissionsMap(), GroupPermissions.getImplies(), transaction);
		groupConfig.setAccessControlListId(aclId);

		return aclId;
	}

	public AccessControlList get(SessionConfig sessionConfig, String groupId, ITransaction transaction) throws ManagerException, PortalException
	{
		return getAclInternal(sessionConfig, groupId, transaction);
	}

	public void update(SessionConfig sessionConfig, String groupId, AccessControlList acl, ITransaction transaction) throws ManagerException, PortalException
	{
		if (!checkPermission(sessionConfig, groupId, GroupPermissions.MANAGE_GROUP_SECURITY, transaction))
			throw new AccessDeniedException();

		GroupConfig groupConfig = ManagerFactory.getGroupManager().get(sessionConfig, groupId, transaction);
		String groupAcl = groupConfig.getAccessControlListId();
		if (!groupAcl.equals(acl.getId()))
			throw new PortalException("STR_INVALID_ACCESS_CONTROL_LIST");

		// force implied permissions
		acl.setImpliedPermissions(GroupPermissions.getImplies());

		super.update(acl, transaction);
	}

	protected AccessControlList getAclInternal(SessionConfig sessionConfig, String groupId, ITransaction transaction) throws ManagerException, PortalException
	{
		AccessControlList acl = null;
		
		if(groupId == null)
		{
			acl = ManagerFactory.getPortalAclManager().get(sessionConfig, transaction);
		}
		else
		{
			GroupConfig groupConfig = ManagerFactory.getGroupManager().get(sessionConfig, groupId, transaction);
			acl = aclCache.get(groupConfig.getAccessControlListId());
			if (acl == null)
			{
				acl = DaoFactory.getAccessControlDao().get(groupConfig.getAccessControlListId(), transaction);
	
				if (acl.isInheriting())
				{
					AccessControlList portalAcl = ManagerFactory.getPortalAclManager().get(sessionConfig, transaction);
					acl.inherit(portalAcl, GroupPermissions.getInheritPermissionsMap());
				}
	
				acl.setImpliedPermissions(GroupPermissions.getImplies());
	
				aclCache.put(groupId, acl);
			}
		}
		
		return acl;
	}

	protected int getRequiredPermissions() throws PortalException
	{
		return GroupPermissions.getRequiredPermissions();
	}
	
	public void checkRequiredPermissions(AccessControlList acl) throws PortalException
	{
		super.checkRequiredPermissionsInternal(acl);
	}
}
